On Fri, 02-06-2006 at 10:11 -0500, Nicholas Schmidt wrote:
> I am no iptables expert but I know that OpenBSD pf can do this kind of
> filtering. Knowing the competition between the two groups, it is most
> likely possible. You will just write a redirect with dns enabled on the
> ruleset.
>
> Nick
>
> On Thu, 2006-06-01 at 15:36 +0800, zHihaO wrote:
> > Hi all,
> >
> > I'm in a sticky situation now because of the filtering of internet
> > traffic out from China. Our users in China have got a lot of problems
> > connecting to our servers here to pop their emails and as a result, we
> > have to get a server up in a datacentre in China and set up ssh port
> > forwarding on the server in China. Here is the flow:
> >
> > Chinese users --> China server (high port. eg: 10000 depending on which
> > local server they are connecting to) --> ssh tunnel --> local server
> > (POP3 port)
> >
> > The users in China will connect to our China server like this:
> > china.mail.domain.com:50000. Port 50000 is actually an ssh tunnel to our
> > local servers on port 110 here.
> >
> > Problem is we do have a huge number of servers and it will be hard to
> > keep track of the big number of ssh tunnels/ports opened up from China
> > to our local servers. Any of you know of any good application-level
> > proxy that will redirect users based on the result of their DNS records?
> > For example, users connecting to the China server running this proxy
> > will be redirected based on the IP address returned when the proxy does a
> > dig on mail.domain.com or mail2.domain.com and redirect them promptly to
> > port 110 of either mail.domain.com or mail2.domain.com depending on the
> > dig result being returned.
> >
> > Any help will be greatly appreciated..!!!
> >
> > -zhihao
>